MDcomputers *seems* to be infected by a Card Skimmer script


Credit: @SaiyanGoku
It seems that the mdcomputers site has been compromised, so don't make any purchase from there for now & change any password you used on their site which you also use on other sites, because most probably your email & password details, along with name/address details, are also leaked.

First of all, I'm not a Cybersecurity expert, so maybe I'm missing something, in which case I'm open to corrections. However, unfortunately it appears that MDcomputers has been infected by a Card Skimmer. Here's a detailed account of everything.

Story -

I was visiting mdcomputers(dot)in and I noticed that Kaspersky was blocking a JavaScript file from a URL "googletegmanager". Curiously, I googled about it and found that there is one legitimate analytics tool called "googleTAGmanager"; however, the one Kaspersky was blocking was "googleTEGmanager". Already one red flag, as the script is trying to disguise itself as an authentic Google tool.

Using urlscan.io to crawl through the mdcomputers website (result linked below) and going to the HTTP tab of the result, I found that the suspicious link was from a Ukrainian IP which was NOT registered under Google, meanwhile the legitimate "googleTAGmanager" was from a German IP and it was registered under Google (see screenshot #1). What's more is that clicking on "Show Response" is also getting blocked by Kaspersky, as it detects it as a Trojan (see screenshot #2), but that should be the Card Skimmer's script. I'm not willing enough to disable my security software to download and open the script, as I don't have a sandbox environment, but feel free to do so yourself if you know what you're doing.

Now, to be 100% sure that the automated website crawler wasn't also spitting out a false positive like Kaspersky, I visited the Mdcomputers website, opened the Console and searched for the suspicious "googleTEGmanager". Lo and behold, there it was (see screenshot #3). Also, I looked up the domain on VirusTotal and found that at least 4 engines detect it as malware as of writing this post (linked below).

An even bigger smoking gun is that a Cybersecurity firm that posted a step-by-step investigation of Card Skimmers (which I followed for this investigation) appears to use "googleTEGmanager" as an example in their investigation of card skimmers, and it appears to target online stores to steal card information. The report is linked below.

Conclusion - Again, I'm not a Cybersecurity expert, far from it, but the evidence is hard to ignore and it appears that MDcomputers is indeed infected by this malicious script. This development appears to be recent though, as I remember visiting MDcomputers on 21-05-2020 or 22-05-2020 and Kaspersky didn't find any such malware back then. I have already contacted MDcomputers about this and am awaiting their reply.

Links: URLscan, VirusTotal lookup, Cybersecurity firm's guide (pdf), Screenshot album

23-05-2020 - Now visiting the Mdcomputers website doesn't trigger my Kaspersky anymore. I've checked the website and the malicious script from "googleTEGmanager" isn't loading up anymore, and while MDcomputers have yet to issue an official statement or reply to my messages or mails, they seem to have replied to a user who linked this Reddit post and they are saying there is no threat on the website. While that may be true as of right now, the urlscan.io result that I linked above in the original post yesterday clearly shows that the malicious script WAS on the Mdcomputers website. I'd still not recommend anyone buying anything from there till they issue an official statement on this and fix whatever vulnerability the script used to get into Mdcomputers.


Super Moderator

I hope you changed it not just on the mdcomputers site but on every other site where you use the same password & email combination, & this time used an entirely different password for mdcomputers, not used on any other site.